b96f0b5d958ad2b81a7dd719ca9dd3785ef358192d38ef315551233dace09da4

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 21:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Canadian Asocciation of Movers (1).pdf
Size

151KB
MD5

328c3a7440bb6187a4a80f97c2fdbb07
SHA1

e8b50c7b6f9bf9cec096022ed0de3830e6b58402
SHA256

b96f0b5d958ad2b81a7dd719ca9dd3785ef358192d38ef315551233dace09da4
SHA512

2d822a87e233474dad710876c74a414c253cf1b15c9f0a3c20ee3c5dfa518245095a102abf2772df2c4c56df73d15cf033e0c488244accfd8e5847ed881c3e77
SSDEEP

3072:sn2Sj3HFEoWSwbi9nqPo7sdVEgfc15CzAx+LLKK7Xm6cG9z2uSEIk3:snHJeb+nqSsZfc153WDbmEh26Ik3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4364	msedge.exe
4364	msedge.exe
1016	msedge.exe
1016	msedge.exe
6068	identity_helper.exe
6068	identity_helper.exe
6124	msedge.exe
6124	msedge.exe
5772	msedge.exe
5772	msedge.exe
5868	identity_helper.exe
5868	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4316	AcroRd32.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe
4316	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 3352	4316	AcroRd32.exe	93
PID 4316 wrote to memory of 3352	4316	AcroRd32.exe	93
PID 4316 wrote to memory of 3352	4316	AcroRd32.exe	93
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 2692	3352	RdrCEF.exe	94
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95
PID 3352 wrote to memory of 1836	3352	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Canadian Asocciation of Movers (1).pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3352
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=187C09F7F37974D31A73A55D686EA71D --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2692
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BFFC3CCA57CC39938D1C7D70BBFAF09F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BFFC3CCA57CC39938D1C7D70BBFAF09F --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1836
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E773163E17ED6D220B4F39E4FEE2DDD6 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1700
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=23F28DA202B9EE9C554FD484B2B22A8E --mojo-platform-channel-handle=1788 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2636
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F8B13F35ED659C4C7ECE349E6A3F4D88 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2792
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4AFC5507C076194196DC5E79200D0F9E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4AFC5507C076194196DC5E79200D0F9E --renderer-client-id=8 --mojo-platform-channel-handle=2384 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://e-membership-movers-association.canyonbrewing.co/?Bm=2y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa349846f8,0x7ffa34984708,0x7ffa34984718
    3⤵
    PID:1508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
    3⤵
    PID:1764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:4664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
    3⤵
    PID:5472
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 /prefetch:8
    3⤵
    PID:5644
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
    3⤵
    PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:6092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    3⤵
    PID:5440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6780573924671418662,16207325615331717271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
    3⤵
    PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://e-membership-movers-association.canyonbrewing.co/?Bm=2y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffa349846f8,0x7ffa34984708,0x7ffa34984718
    3⤵
    PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
    3⤵
    PID:6140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
    3⤵
    PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:3576
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    PID:5828
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    3⤵
    PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
    3⤵
    PID:5568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:6132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
    3⤵
    PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    3⤵
    PID:1500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    3⤵
    PID:1772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12131180883272401803,4303407569877976574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
    3⤵
    PID:5768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c6d7ce6f8e0c149ad94e49c314801b87

SHA1
3cd2b7618fc8da4c1b1485533e7cab2a3781cfa2

SHA256
75b231220f1ab2a57cc0a2ac2b525f6f20f0006fea0be2b173f0fabb8a89f118

SHA512
8864ce84ff32440e40303c8bd9bcd1a3853b32fca2b50037133bf1368a9a0aed8028b1f6b930d02f41d38c79bf64e0185de1e3ecb15b58d5d51dcc020e1ad750

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
faccb89411d29d30ba0656fed91b2d3e

SHA1
ebf4b626f3390d5011df218b17f57fd0996f56b9

SHA256
65a56f2c18a83c0b53eb6e7be8c4e7dac66831bdad7f8228940cb2b0993572b8

SHA512
6a31a70fe061c2ea56510d4a23de9f66a69280ef9f178b9df68fe9ef28fd7e58a9d796ab97826bc6a8a9b30a702c805206ece465bb9c46395328c385be8d7551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f8faa8264ab11b24610e796493f6829f

SHA1
9c2e5c55afdcb67c60216295524aefb21454dd76

SHA256
b63753635716d649ed5437f512e10b6673ed78ef3de5744758bbebbec0a794c8

SHA512
a7dc99d43a0d07061f856b0d7f765761c393d0f999eba6b822bd26f7c0ccdb668e5ba0ba9145268ff837dfc1e6cdaa8fc6e4adb9b8742ae97f81608c6cae07fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f94d22d07203312925029e1cfc76e613

SHA1
0667666b6d06178e24d81dd7dcdf50752777a38d

SHA256
b0a7fab98afdd397718aca9c9b2936cbf04cea4701140e2bb7946bcc2d84281b

SHA512
a84db6a61af0a92102a6513f57aaa527d9e9c57fa86cf5dacb9755c1cd9a5c8a6f8b92555e4af5b2dfd26092a81d8efd8fd7c04d67e3659c02d448c99c09d8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
41bc95ade920780b07ab459724b4836c

SHA1
0a3af33b68196ebe86d583efe97cd3a23ffcacda

SHA256
b8e2843ad251dbdbcb4dea5ffe44b585e67be5382fd399db510dc32f250f06f1

SHA512
4953e37bc708a00489e825442a132c45c2efd6f0311272a7f2e28fd9f28e43068ed7addc62a81b67f33253759864903fbc410b3db936ba66bbd57ce098f91c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1779164538a2508871211ec925f6e83b

SHA1
b0d272c5750ee1914d26a86c9f4750c60546cbb5

SHA256
e1e5c9768fa2ca075353809419f8d9c8c5a6d4974cd143238590025bd29be937

SHA512
a66b4a5a36fcfe53342b49abc5d33262d5180031ce00baedbe95346836b2a26a602710d904f4c311a9237ad593231eee535fb9c7e574f953f553e8b549c67d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
c181e256fe36d42a8d10af9d6e53d974

SHA1
a8d2a9d003ec65ea8b6445106511c0d8b82ee85d

SHA256
9b3b653999c2fa210760a7c5f3bc1a04e0c9bdbea67df8fd697dd9bfde0f1858

SHA512
bb42d0690139d91011d90387add1d88ae34c108ff021d9a9434eb1ffcc0b4e3bdaec544ecc51716682702ffcf54124a4073a998b04f8abcfdcec51b1effce0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
7c27720e6de7b2f1f09362df70bd77cd

SHA1
a4e7c4012e404e54d233dfdf3594c277483ff632

SHA256
f3c49d6e5dd3fcdb28aed5894e4b3d18ef0303feffe769d6bc02869cfeef512e

SHA512
0389c66f12a9e7ae1463b9b61c9ee66c85c3d38f862cfa6339b51e222f5095c77f05265cd9ce43ffaa00d49c5facbdd39499f54d60ceaed05cb36f3183dbb650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
389B

MD5
9590e0c0c7fdcafd90e246f44e1b98c7

SHA1
255e06724c8734830f460a1e1993dc7d0b8d1c83

SHA256
6e2fad90da1bbd8a29338df22a7afa7a2415b9c1ebc655ee022a74b6a0e9f06d

SHA512
de4fed6a20a5f62e68a210e7859c196fa6ef640b9072ba154719979a09519d749dc92a81f6949aad73ce2045f51885df73538c244261340c579eee50b3c41f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ee17add1ce29e825989a1b433baf6a3

SHA1
43473fadc283d25a69e2efd52ed1cf94531c0a42

SHA256
2f9e9662ff2a51b79ad65af354c54fd24a8b507634872e828ef9ec06c4f509f3

SHA512
aee6eff8922b66a211a088891a22e5a1da17f7817919430c5bf1d0d624317cdc488e3767dc8f8af8069f529fb9a50fcbffb494b873ae43f451edf3696d9e821c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1647e56d3bbd84d04e01eae25ccdc6b5

SHA1
95b0325ecb81dc5e09531ddc438418d8e942f0c1

SHA256
c5450703a04035c8729dbe9a20d92b4d1132c6b23552946f8fbb93666e3e1a40

SHA512
126fee6eaac4d796a7ff1eb5317e335c62ba378844d34559b7964cb74590b75b3e2e5528ec986a8c568836f79f31f39890950abdd8f60d909b5d4d39f8e52f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
405f4068b5223bc745e7221fcfdf689e

SHA1
881468c0852267610ac80bab38f16bec7010710d

SHA256
8c1d88b19a976b4c19d1d3a92f1ae549a9fd9e1ceb631b6f5103eb18852ad999

SHA512
607e837b80187499605e39e2f6e048006568fe5a22ca3730b3a7350eca5c2a98fcc938ff2d54adc5c91e7abbb854df2c7c8b250d3153d1747dcdddc22c95212e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24bc96043c8b3dacc654d6ec73a77a13

SHA1
c5146a2b5cbbeb54a0963b6ab74fc7b7304cf565

SHA256
936b2ff62eadd53a772eec962dda136b5e1ce4f29e37ca5505b0b2676f271cce

SHA512
57085e4d831fbbbfe625409d1a37be76416034e89357935abb36008dff9f75f33487b61a7f78f3a4869efc123560fa6094bbc4a04be8705b1f6d5b83de38fe9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f97532a6a9167f16daa5ef8faffdb917

SHA1
0b191f3ee3899b8cee8a64e01a02176991cfc8ce

SHA256
56624b76199d36484e6403660b1bddc3b25feba27e63a3afdf904bb80bf638d0

SHA512
8fe4b27c70cb42f80f1468c60a9a2d1e955e6ff1b2d834853cc0367fca2e73f3064275cf04141a9724046092fa59c5f2658087fe1062630a5cd119c20268bd42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1cb203ab0bd5c15876bf97fd34d0be22

SHA1
4f64ff3048b8b254db0c5e5c5711977eb877544e

SHA256
404e75a12a78fd9d48feeee2a8a971452a4c08e807e0dfef862c90ec386857f8

SHA512
4ae6b8bfcd295172fb4b1d1e250e30d4df152213218379d8145aec13f4c9eb10892d858a18ef47a1d9ff31b986ffa7218f2ee5170a90e7faea079d38280d04c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
65e3fcb1e676379c3150292ebae3b598

SHA1
9a6f105c131eba996e2436c7dfaa177f76ca483c

SHA256
e92059aef51aa3893ff1c08cce03f0ee69842e6ac0c697770792ea2b5747feb1

SHA512
fcaed00ea42cc3a49ebb716e8615e96c933b82e5958546ea64a916bba4df38159f25310fadb601ccc0d99d582d032aca06fcc5ca74bb33d754b78cc40029d43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359244152428983

Filesize
1KB

MD5
8aef4eb10e33c78fdc5539cb02ab583e

SHA1
05cf60a6a5f75eb0d69874533b8bb61b683b7a81

SHA256
f09e3aea669385a362a72393121bad006d67b1b8e0353b777ca581c9a79863f0

SHA512
93f36138b02095c4d8cd1819721d15a20f49399b3f80e18805f8610f3ce52523605161162c0361d18703983d73611a21578eee92aedb13a19ded0ef7a2669b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359244152647983

Filesize
1KB

MD5
06794d4bb26b44866b7d14e9e36cda96

SHA1
0ca7777c23c3008e2470c4124804d3ef7bb29e2e

SHA256
b9e4b4b856da9d981a02acaca2e297a6f6727b57ebeea23b304b876804009673

SHA512
1e848ef40ab06cfc3a3899f964be35398c9e791359e5a4c5a5ebf20e6077069b56cfb435b1f6395a636b6eafa7566c21c3fc457681dcb5244aaa99ff1fbab51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
93a375acc93077e23bc7dda6f2d8ad90

SHA1
fd018ec46c065af5b85e47a021ad75bfbf0df3c0

SHA256
6b0e32fbb67c9af76f1699a422f4d042f82958cd2ae9d012febd6930a8907dd4

SHA512
a5cc9b89f2bf7dec91d137e6ea728ac5d0e7815d101271f9f2daccdbaa3dbbf0aa4582c98e080c71829387a86b81ab450b5eda0e5f83627598b1bdff9e2d3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
999216c17f9377bf97262a0cbc11a916

SHA1
2fd533a7d388eb9a1c9e8bb61216cd10d2b801e4

SHA256
40fc21c97b7b925264deec885d877c66e04bbc330a26057b3eb39de211e913ef

SHA512
e6650f589359aa8f8baef0a08c5afe4b78375ed46bb1ae642e1d2fc7c5a2372c03bfd26a4b227fcd3d0698363ec9ee07eb65bbd6cf538714848ecaf6ed4f23f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
c3b5817f2163843afa9a8de62d4b8f9d

SHA1
a300aead76b73d5aef43ced20c3baa2f26d000c2

SHA256
34815fba45f24bda4260e22835a82deabe79d135d7b30f83cb0c239da73dac4e

SHA512
d7672190a674bacbc98e971c68b36d2a92f96708ec4abcc7b78a84f37096bfef550c8e7b0912c8130da449ae8a92f0e405d362b3249c080751bf079332843789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
198B

MD5
a7ba56ba654711f9b131b2cd174d307d

SHA1
4febf15624fc8b8b7eb5c703908250388dbb0779

SHA256
26524d8a4461ac4642b9910bc9c143bb75f6e9e534b0b09d34efa6dccb4257c0

SHA512
844dff01b7a7366c6534e61f26770730778f146242a4de2527d6c1076824e06fa9a650e9dc48ecd019bc49d6b91da2cee6c11609699ff28449b57cb9e3e6b616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d96b70182c25d181c4fd3efad985ecb4

SHA1
b84fee55deca9a8ef96c0965a09e903872623075

SHA256
7b68e9a45c07db541248ccb94a0888b975099110c2b795c9df1b34e79018a011

SHA512
7a1931dd08496328e8d1feb4e5fbcbb7a26d2965a1dc103e176143648a4cb629637966c90fa26114e5471db402bf867b4ebcb99587dead5151b77126d471843b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
2b476f498e3f8975b090b2d0f15e61d4

SHA1
1830f8c69695d5b753b4e024a2cdf1bd69adf43c

SHA256
970d1bdd7a7b42d094b0d2e3665bdfe84090edf0445d22b62db4e623f6e035e0

SHA512
4838b2fadef49726133931e745811ca634caddb870be202ba29b59d9baeb4e4c714aae10a000378d564e8d3f119b033a3bc5a16d14199bda2195af87fc954b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
53b4604268efd33eef17224d8025bdcd

SHA1
8028adaa4c1efa8238fa9cac1fcfadaaf6c40c57

SHA256
0d30ea5a1a473cd4b3d4971badfa3f2f4175149d3c17102e24b6acb9b5f4e660

SHA512
2c7782b8826e73a02bcd4fcb697887d24bcb92fe3191686aa5ca02534531ddabe1660208342c1d5d205e3ab4f464b4e963395dd08b47925ac1346e569f5f05a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
05e354e6e41659ae3189b72748523578

SHA1
e5fdd42382331e61f21e666f17382942937b0dc0

SHA256
04a8c8a7c311e2b0e5c612be740293168bb382f529286bd67409a309bba40913

SHA512
cefb48dac809067d6d9f1c5bde7f763361a16f39232ce0854e6e33c8deeebbbbb89626df5805853cbe09ced6aca5cc836ef35c9d19fa5e5d11650a275ea5783e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
e397fcb8bfa23bbeea830fa9ff874314

SHA1
8229846d26ecab257ecd533b51948fa63919bca6

SHA256
15f11312dfa81d9405dee268db3f64eab0a20b18754772a5113f8a9d12deea2e

SHA512
336fcca4641b2ad9d40a5e101f18d5eec545f65a8c1f23263b245bb3b2ad95979ed6745edb4d070695ae7c80d3971c13aba3f8a2596f4849f7328be2f008841f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3b5c4ad3dc396a90f494bcc10f3e8258

SHA1
d007516a3730b1bac423dd2af7b8f002c9c51bf8

SHA256
a279ab69f49a7d83f07e933df435ff57e391f1eb0dea1261776af50ec74540d4

SHA512
0b06e8e63d880acffe31cea3b24bbd20fd03137ae8c2d7afae026bdf30f6358a54f692164ca334e4e0ae23a355fa1f5a5cad146a73c6041797a1d01d8d51e930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b2e7b3068a8133d14ba585490f45c9ab

SHA1
b8fe2bb3c29e89d52d0e7d3ca3bbe75c9662c2d0

SHA256
d1b0b34312d1e7b6f6ab40febd47e40e8b2266ad7ba4f38bccbf4611c67351cb

SHA512
1c5f5319506aa1cb904869fedc84f6b44b55c14dbbf40256ef381e6421dc415ecd0823aa7a60c19f481cab8c5a5ba951d8d18951fe84cc1af14794b4813e080e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
326a67e8b6ee3f29e1335e0cdcc40e11

SHA1
6383651791c47ed906412c9796ebb3dbab4f79b4

SHA256
3de493876153241e2fbbe49d6e1f20228ea2a121b8bf7627cb6445b5c52d8e9d

SHA512
29e1a3541ac681f582265c1a2fa6712c3ced4b61f183a6fa92175228f9fb49c1c69dc2e80d9ae4a17e5b1e90dc6a7750279dfc9b628cdd09d5717be037b1220f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
edd63adbf5223e47e9eba5b30388b25b

SHA1
25b767bc711fca7a3272b288c4931dcc76997f4c

SHA256
4fef2777a58007b881ae1fd5a92c715ba32c01cc3f0ad11d1d27c0267549c19e

SHA512
c8c30fb16313333ef68cc500b5686f65017222395bfb5c615af29ccaabf52d4399b0cd2674b6a7ce352b7442a6435fcf2494aaae2080691ee6648c41001afcd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50419811f4da0faaa93cf0442f483254

SHA1
f7d93982de4246419486ce84273530923db14531

SHA256
1108a1ac33e3bfed7050bdfaf7a53770fedf0fe7b326e8ea82c941ba30275388

SHA512
dd9958b396f417d79f13436f766f10f51e7157146af848c6c0a909b8d5e3c83cb8033d3182223da418fca00fa9d47507d4f0c77e6a7793bec2b25b17be1b2bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
b987a99c734043fd91fc20c41d5aab6c

SHA1
a76fae882ac95a708dc9e48277fc0501bd732343

SHA256
66e34559abce5b044c9d3e178a4f53a617d15a7699610956ac9de80bcbd169ba

SHA512
089f6b5428b2453061aeceb81828dddfd66ccaf5224b6c93a21db05293ad2dee6e5779347651538ba2aaade83bce301659662f310214d7282254868781ec8220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
da6c7619dd823dd1087360114ef7141e

SHA1
d75f69418d0a42a403294d8d1f393c6588128ad3

SHA256
2fd648ed4c4bff31ab59f07b70c61ca1879b377c61d32f26f7f15b984cb6d259

SHA512
1b1daf8e29d85760a58620f6b8820fb0ec461744356abdbe4d68ab592a336ac77834cb908dfe24ebf9a13b62af9df4ffee40ff0d8d78f71180943b71bd39afde

Download Submit